Debian Package Tracker

general

source: mxml (main)
version: 3.1-1
maintainer: Alastair McKinstry (DMD)
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.6-2
o-o-sec: 2.6-2+deb8u1
oldstable: 2.10-1
stable: 2.12-2
testing: 3.1-1
unstable: 3.1-1

versioned links

2.6-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.6-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.10-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libmxml-dev
libmxml1 (1 bugs: 0, 1, 0, 0)

action needed

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: could not read Username for 'https://salsa.debian.org:': No such device or address

Created: 2018-07-09 Last update: 2019-10-14 06:52

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2019-07-07 Last update: 2019-09-07 05:55

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-09-07 05:55

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-08-25 Last update: 2019-10-15 02:34

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-10-15 01:33

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2018-12-10 Last update: 2019-09-07 05:55

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

Please fix them.

Created: 2016-05-06 Last update: 2019-09-07 05:55

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-20593: In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
CVE-2018-20592: In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
CVE-2018-20004: An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.

Please fix them.

Created: 2018-12-10 Last update: 2019-09-07 05:55

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2014-07-02 Last update: 2019-08-22 21:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:40

news

[rss feed]

[2019-09-07] mxml 3.1-1 MIGRATED to testing (Debian testing watch)
[2019-09-01] Accepted mxml 3.1-1 (source) into unstable (Alastair McKinstry)
[2019-08-28] mxml 3.0-1 MIGRATED to testing (Debian testing watch)
[2019-08-22] Accepted mxml 3.0-1 (source) into unstable (Alastair McKinstry)
[2019-01-25] Accepted mxml 2.6-2+deb8u1 (source amd64) into oldstable (Abhijith PA)
[2019-01-07] mxml 2.12-2 MIGRATED to testing (Debian testing watch)
[2019-01-02] Accepted mxml 2.12-2 (source amd64) into unstable (Alastair McKinstry)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-11] mxml 2.12-1 MIGRATED to testing (Debian testing watch)
[2018-10-06] Accepted mxml 2.12-1 (source amd64) into unstable (Alastair McKinstry)
[2018-07-14] mxml 2.11-2 MIGRATED to testing (Debian testing watch)
[2018-07-09] Accepted mxml 2.11-2 (source amd64) into unstable (Alastair McKinstry)
[2018-03-08] mxml 2.11-1 MIGRATED to testing (Debian testing watch)
[2018-03-02] Accepted mxml 2.11-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-21] mxml 2.10-1 MIGRATED to testing (Debian testing watch)
[2016-09-15] Accepted mxml 2.10-1 (source amd64) into unstable (Alastair McKinstry)
[2016-09-06] mxml 2.9-3 MIGRATED to testing (Debian testing watch)
[2016-08-31] Accepted mxml 2.9-3 (source amd64) into unstable, unstable (Alastair McKinstry)
[2016-06-16] mxml 2.9-2 MIGRATED to testing (Debian testing watch)
[2016-06-11] Accepted mxml 2.9-2 (source amd64) into unstable (Alastair McKinstry)
[2016-06-10] Accepted mxml 2.9-1 (source amd64) into unstable (Alastair McKinstry)
[2013-01-03] Accepted mxml 2.7-1 (source amd64) (Luis Uribe) (signed by: Yaroslav Halchenko)
[2011-02-06] mxml 2.6-2 MIGRATED to testing (Debian testing watch)
[2010-10-22] Accepted mxml 2.6-2 (source mipsel) (Luis Uribe) (signed by: Anibal Monsalve Salazar)
[2009-11-27] mxml 2.6-1 MIGRATED to testing (Debian testing watch)
[2009-11-17] Accepted mxml 2.6-1 (source amd64) (Luis Uribe)
[2008-07-09] mxml 2.5-2 MIGRATED to testing (Debian testing watch)
[2008-06-29] Accepted mxml 2.5-2 (source amd64) (Luis Uribe)
[2008-05-21] mxml 2.5-1 MIGRATED to testing (Debian testing watch)
[2008-05-10] Accepted mxml 2.5-1 (source amd64) (Luis Uribe)

bugs [bug history graph]

all: 6
RC: 0
I&N: 6
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.12-2
2 bugs